|Publication number||US7726566 B2|
|Application number||US 11/106,467|
|Publication date||Jun 1, 2010|
|Filing date||Apr 15, 2005|
|Priority date||Apr 15, 2005|
|Also published as||US8136731, US8328093, US8550342, US8833651, US20060231623, US20100237148, US20120139713, US20130001301, US20140027508|
|Publication number||106467, 11106467, US 7726566 B2, US 7726566B2, US-B2-7726566, US7726566 B2, US7726566B2|
|Inventors||Michael K. Brown, Herb Little, Neil Adams|
|Original Assignee||Research In Motion Limited|
|Export Citation||BiBTeX, EndNote, RefMan|
|Patent Citations (65), Non-Patent Citations (2), Referenced by (17), Classifications (12), Legal Events (3)|
|External Links: USPTO, USPTO Assignment, Espacenet|
A portion of the disclosure of this patent document contains material which is subject to copyright protection. The copyright owner has no objection to the facsimile reproduction by anyone of the patent document or patent disclosure, as it appears in the Patent and Trademark Office patent file or records, but otherwise reserves all copyright rights whatsoever.
Smart cards are personalized security devices, defined by the ISO7816 standard and its derivatives, as published by the International Organization for Standardization. A smart card may have a form factor of a credit card and may include a semiconductor device. The semiconductor device may include a memory that can be programmed with security information (e.g., a private decryption key, a private signing key, biometrics, etc.) and may include a processor and/or dedicated logic, for example, dedicated decryption logic and/or dedicated signing logic. A smart card may include a connector for powering the semiconductor device and performing serial communication with an external device. Alternatively, smart card functionality may be embedded in a device having a different form factor and different communication protocol, for example a Universal Serial Bus (USB) device.
Access to security information stored on a smart card is controlled by the processor and/or dedicated logic on the smart card. A smart card reader communicates with the processor and/or dedicated logic in order to access the security information stored on the smart card. It may be prudent, therefore, to ensure that access to the smart card reader (with the smart card inserted therein) is controlled.
Embodiments of the invention are illustrated by way of example and not limitation in the figures of the accompanying drawings, in which like reference numerals indicate corresponding, analogous or similar elements, and in which:
It will be appreciated that for simplicity and clarity of illustration, elements shown in the figures have not necessarily been drawn to scale. For example, the dimensions of some of the elements may be exaggerated relative to other elements for clarity.
In the following detailed description, numerous specific details are set forth in order to provide a thorough understanding of embodiments of the invention. However it will be understood by those of ordinary skill in the art that the embodiments of the invention may be practiced without these specific details. In other instances, well-known methods, procedures, components and circuits have not been described in detail so as not to obscure the embodiments of the invention.
A smart card 108 is shown inserted into smart card reader 102. The person whose security information is stored on smart card 108, and is therefore the rightful user of smart card reader 102, may use smart card reader 102 for identification, to unlock mobile device 104, and to digitally sign and/or decrypt messages sent by mobile device 104. Smart card 108 may also include a random number generator.
For example, mobile device 104 may be able to send and receive e-mail messages via an e-mail server (not shown). If, for example, the Secure Multipurpose Internet Mail Extensions (S/MIME) protocol is used, e-mail messages received at mobile device 104 are encrypted using a symmetric algorithm with a random message key generated by the sender of the e-mail message. The e-mail message also includes the message key, encrypted using the public key of the recipient. Upon receipt of an encrypted e-mail message, mobile device 104 may extract the encrypted message key and send it to smart card reader 102 via communication link 106. Smart card reader 102 may send the encrypted message key to smart card 108, and the decryption engine of smart card 108 may decrypt the encrypted message key using the recipient's private decryption key, which is stored in smart card 108. Smart card reader 102 may retrieve the decrypted message key from smart card 108 and forward it to mobile device 104 via communication link 106 so that mobile device 104 can decrypt the received e-mail message. The smart card 108 may prevent unauthorized use of the recipient's private decryption key by requiring that a password or personal identification number (PIN) be supplied before allowing the decryption operation to proceed.
Similarly, to add a digital signature to an e-mail message being sent by mobile device 104, mobile device 104 may send a hash of the contents of the e-mail message to smart card reader 102 over communication link 106. Smart card reader 102 may pass the hash to smart card 108, which may produce a digital signature from the hash and the sender's private signing key, which is stored in smart card 108. Smart card 108 may then pass the digital signature to smart card reader 102, which may forward it to mobile device 104 via communication link 106 so that mobile device 104 can transmit it along with the e-mail message to the e-mail server. Again, smart card 108 may prevent unauthorized use of the recipient's private signing key by requiring that a password or PIN be supplied before allowing the signing operation to proceed.
The unencrypted message key should be sent securely over communication link 106 from smart card reader 102 to mobile device 104 to prevent a third party from retrieving the message key from communication link 106. Similarly, the hash to be signed should be sent authentically over communication link 106 from smart card reader 102 to mobile device 104 to prevent a third party from modifying the hash and thereby causing smart card 108 to produce a signature using a hash different from the hash of the intended message. Therefore communication link 106 may need to be secured using cryptographic techniques.
The person whose security information is stored on smart card 108 may also wish to digitally sign outgoing e-mail sent from a personal computer (not shown) or to decrypt incoming encrypted e-mail received at the personal computer. This will require the personal computer to communicate with smart card reader 102 in much the same way as mobile device 104 communicates with smart card reader 102 as described above. For this purpose, or for other security-related measures (e.g. to permit the person to unlock the personal computer), the communication link between the personal computer and smart card reader 102 may need to be secured using cryptographic techniques.
Smart card reader 102 may be able to maintain dual wireless connections concurrently, one connection to mobile device 104 and another to the personal computer. However, if an attacker were to steal smart card reader 102, establish a wireless connection between smart card reader 102 and another device, and return smart card reader 102 to its rightful user, then as long as smart card reader 102 is within range of the other device, the attacker would have access to smart card reader 102 and smart card 108 without the rightful user of smart card reader 102 being aware of this. Another possibility is that the attacker, having stolen smart card reader 102, could pair smart card reader 102 with the other device in such a way as to facilitate establishment of a wireless connection between smart card reader 102 and the other device, and then return smart card reader 102 to its rightful user. The pairing may occur in a manner that is not wireless, for example, using a USB cable to connect smart card reader 102 briefly to the other device. Once the pairing is complete, the USB cable may be removed, smart card reader 102 may be returned to its rightful user, and a wireless connection between smart card reader 102 and the other device may exist as long as smart card reader 102 is within range of the other device.
One way to handle this potential security issue is to restrict to one the number of wireless connections that smart card reader 102 can make at any given time. In that case, if an attacker establishes a wireless connection 110 between smart card reader 102 and another device, for example, a personal computer 112 belonging to the attacker, the rightful user of smart card reader 102 will be unable to establish a wireless connection between smart card reader 102 and mobile device 104 and will therefore be aware that something is wrong. At this point, the rightful user could repair mobile device 104 and smart card reader 102, thereby removing the existing wireless connection between smart card reader 102 and the other device. Alternatively, the rightful user may notify an administrator of the problem.
Another way to handle this potential security issue is to control the connectivity of smart card reader 102 via mobile device 104 while still enabling smart card reader 102 to maintain more than one wireless connection at a time.
For example, as shown in
In another example, as shown in
Mobile device 104 includes an antenna 502 and smart card reader 102 includes an antenna 512. A non-exhaustive list of examples for antennae 502 and 512 includes dipole antennae, monopole antennae, multilayer ceramic antennae, planar inverted-F antennae, loop antennae, shot antennae, dual antennae, omnidirectional antenna and any other suitable antennae.
Mobile device 104 also includes a communication interface 504 coupled to antenna 502. Smart card reader 102 includes a communication interface 514 coupled to antenna 512. A non-exhaustive list of examples for standards with which communication interfaces 504 and 514 may be compatible includes 802.11a, b, g and n and future related standards, the Bluetooth® standard, the Zigbee™ standard and the like.
Mobile device 104 also includes a processor 506 coupled to communication interface 504, to display 114 and to keyboard 116. Mobile device 104 also includes a memory 508, which may be fixed in or removable from mobile device 104. Memory 508 may be coupled to processor 506 or partly embedded in processor 506. Communication interface 504 and processor 506 may be part of the same integrated circuit or in separate integrated circuits. Similarly, processor 506 and memory 508 may be part of the same integrated circuit or in separate integrated circuits.
Smart card reader 102 also includes a processor 516 coupled to communication interface 514. Smart card reader 102 also includes a memory 518, which may be fixed in or removable from smart card reader 102. Memory 518 may be coupled to processor 516 or partly embedded in processor 516. Communication interface 514 and processor 516 may be part of the same integrated circuit or in separate integrated circuits. Similarly, processor 516 and memory 518 may be part of the same integrated circuit or in separate integrated circuits.
A non-exhaustive list of examples for processors 506 and 516 includes a central processing unit (CPU), a digital signal processor (DSP), a reduced instruction set computer (RISC), a complex instruction set computer (CISC) and the like. Furthermore, processors 506 and 516 may be part of an application specific integrated circuit (ASIC) or may be a part of an application specific standard product (ASSP).
A non-exhaustive list of examples for memories 508 and 518 includes any combination of the following:
Memory 508 may store executable code 509 which, when executed by processor 506, may cause mobile device 104 to implement relevant portions of any or a combination of the methods of
Memory 518 may store executable code 519 which, when executed by processor 516, may cause smart card reader 102 to implement relevant portions of any or a combination of the methods of
While certain features of the invention have been illustrated and described herein, many modifications, substitutions, changes, and equivalents will now occur to those of ordinary skill in the art. It is, therefore, to be understood that the appended claims are intended to cover all such modifications and changes as fall within the spirit of the invention.
|Cited Patent||Filing date||Publication date||Applicant||Title|
|US5193114 *||Aug 8, 1991||Mar 9, 1993||Moseley Donald R||Consumer oriented smart card system and authentication techniques|
|US5677524 *||Oct 26, 1995||Oct 14, 1997||Gao Gesellschaft Fur Automation Und Organisation Mbh||Chip card and a method for producing it|
|US6424947||Sep 21, 1998||Jul 23, 2002||Nds Limited||Distributed IRD system|
|US6687350 *||Oct 26, 1998||Feb 3, 2004||Bell Canada||Smart card reader and transaction system|
|US6942147 *||Feb 8, 2001||Sep 13, 2005||Nokia Corporation||Smart card reader|
|US7188089 *||Mar 25, 2004||Mar 6, 2007||Way Systems, Inc.||System and method for securely storing, generating, transferring and printing electronic prepaid vouchers|
|US7251727 *||Aug 6, 2004||Jul 31, 2007||Research In Motion Limited||System and method for surely but conveniently causing reset of a computerized device|
|US7266393 *||Apr 5, 2001||Sep 4, 2007||Nokia Corporation||Connecting access points in wireless telecommunications systems|
|US7284061 *||Nov 13, 2001||Oct 16, 2007||Canon Kabushiki Kaisha||Obtaining temporary exclusive control of a device|
|US7336973 *||Oct 28, 2003||Feb 26, 2008||Way Systems, Inc||Mobile communication device equipped with a magnetic stripe reader|
|US7439872 *||Feb 6, 2003||Oct 21, 2008||Nokia Corporation||Method and mobile device for non-visually signaling the state of a mobile device|
|US7464865 *||Apr 28, 2006||Dec 16, 2008||Research In Motion Limited||System and method for managing multiple smart card sessions|
|US7562219 *||Jul 14, 2009||Research In Motion Limited||Portable smart card reader having secure wireless communications capability|
|US20010008014 *||Jan 26, 2001||Jul 12, 2001||Brendan Farrell||Automatic network connection using a smart card|
|US20010054148 *||Feb 20, 2001||Dec 20, 2001||Frank Hoornaert||Field programmable smart card terminal and token device|
|US20020011516 *||Jun 8, 2001||Jan 31, 2002||Lee Patrick S.||Smart card virtual hub|
|US20020047045 *||Oct 16, 2001||Apr 25, 2002||International Business Machines Corporation||Embedded smart card reader for handheld-computing devices|
|US20020174444 *||May 21, 2001||Nov 21, 2002||Jean-Marie Gatto||Trusted transactional set-top box|
|US20030093670 *||Nov 13, 2001||May 15, 2003||Matsubayashi Don Hideyasu||Remotely obtaining temporary exclusive control of a device|
|US20030110512 *||Dec 4, 2002||Jun 12, 2003||Koichi Maari||Network system, communication method of network system, electronic device, communication method of electronic device, communication apparatus, communication method of communication apparatus, storage medium, and computer program|
|US20030145221 *||May 21, 2001||Jul 31, 2003||Clemens Atzmueller||Smart cards for the authentication in machine controls|
|US20030183691 *||Feb 8, 2001||Oct 2, 2003||Markku Lahteenmaki||Smart card reader|
|US20040042604 *||Sep 6, 2001||Mar 4, 2004||Miska Hiltunen||Management of portable radiotelephones|
|US20040087339 *||Oct 28, 2003||May 6, 2004||Scott Goldthwaite||Mobile communication device equipped with a magnetic stripe reader|
|US20040127256 *||Jul 23, 2003||Jul 1, 2004||Scott Goldthwaite||Mobile device equipped with a contactless smart card reader/writer|
|US20040169072 *||Jun 2, 2003||Sep 2, 2004||David Peng||Business card reader|
|US20040188519||Mar 31, 2003||Sep 30, 2004||Kepler, Ltd. A Hong Kong Corporation||Personal biometric authentication and authorization device|
|US20040214524 *||Nov 29, 2002||Oct 28, 2004||Takuro Noda||Communication device and method|
|US20040230489 *||Dec 5, 2003||Nov 18, 2004||Scott Goldthwaite||System and method for mobile payment and fulfillment of digital goods|
|US20040236547 *||Nov 18, 2003||Nov 25, 2004||Rappaport Theodore S.||System and method for automated placement or configuration of equipment for obtaining desired network performance objectives and for security, RF tags, and bandwidth provisioning|
|US20050015467 *||Nov 18, 2002||Jan 20, 2005||Takurou Noda||Communication device and method|
|US20050054329 *||Sep 10, 2004||Mar 10, 2005||Nec Corporation||Wireless network registration system and wireless network registration method thereof|
|US20050076212 *||Jun 18, 2004||Apr 7, 2005||Yusuke Mishina||Method and system for authenticating service using integrated circuit card|
|US20050156026 *||Jun 22, 2004||Jul 21, 2005||Angana Ghosh||EMV transactions in mobile terminals|
|US20050195975 *||Jul 6, 2004||Sep 8, 2005||Kevin Kawakita||Digital media distribution cryptography using media ticket smart cards|
|US20050268084 *||Aug 6, 2004||Dec 1, 2005||Research In Motion Limited||System and method for surely but conveniently causing reset of a computerized device|
|US20060006230 *||Oct 16, 2003||Jan 12, 2006||Alon Bear||Smart card network interface device|
|US20060059503 *||Aug 26, 2004||Mar 16, 2006||Patrick Will||Control device, smart card reading activation device and associated products|
|US20060091200 *||Aug 17, 2005||May 4, 2006||Inventec Appliances Corp.||Method and apparatus for integrating a mobile phone with a contactless IC card|
|US20060218397 *||Mar 22, 2005||Sep 28, 2006||Research In Motion Limited||Apparatus and methods for sharing cryptography information|
|US20060223566 *||Apr 4, 2005||Oct 5, 2006||Research In Motion Limited||Determining a target transmit power of a wireless transmission according to security requirements|
|US20060224601 *||Apr 4, 2005||Oct 5, 2006||Research In Motion Limited||Proxy policy|
|US20060224892 *||Apr 4, 2005||Oct 5, 2006||Research In Motion Limited||Securing a link between two devices|
|US20060225126 *||Apr 4, 2005||Oct 5, 2006||Research In Motion Limited||Securely using a display to exchange information|
|US20060231623 *||Apr 15, 2005||Oct 19, 2006||Research In Motion Limited||Controlling connectivity of a wireless smart card reader|
|US20060233374 *||Apr 15, 2005||Oct 19, 2006||Research In Motion Limited||Gathering randomness in a wireless smart card reader|
|US20060236117 *||Apr 4, 2005||Oct 19, 2006||Mihal Lazaridis||Portable smart card reader having secure wireless communications capability|
|US20060236126 *||Apr 4, 2005||Oct 19, 2006||Research In Motion Limited||System and method for deleting confidential information|
|US20070028118 *||Aug 4, 2005||Feb 1, 2007||Research In Motion Limited||System and method for encrypted smart card pin entry|
|US20070152035 *||Dec 29, 2005||Jul 5, 2007||Adams Neil P||Method and apparatus for contactless payment authentication|
|US20070167194 *||Jan 13, 2006||Jul 19, 2007||Research In Motion Limited||Plural wirelessly connected devices with user alarm if wireless connection is lost or endangered|
|US20070203836 *||Feb 28, 2006||Aug 30, 2007||Ramy Dodin||Text message payment|
|US20070251997 *||Apr 28, 2006||Nov 1, 2007||Research In Motion Limited||System and method for managing multiple smart card sessions|
|US20070266247||May 12, 2006||Nov 15, 2007||Research In Motion Limited||System and method for exchanging encryption keys between a mobile device and a peripheral output device|
|US20080016368||Jul 17, 2006||Jan 17, 2008||Research In Motion Limited||Management of multiple connections to a security token access device|
|US20080016537||Jul 17, 2006||Jan 17, 2008||Research In Motion Limited||Management of multiple connections to a security token access device|
|US20080017711 *||Jan 11, 2007||Jan 24, 2008||Research In Motion Limited||Method, system and smart card reader for management of access to a smart card|
|US20080022043 *||Mar 16, 2007||Jan 24, 2008||Research In Motion Limited||Method, system and smart card reader for management of access to a smart card|
|US20080214241 *||Mar 26, 2008||Sep 4, 2008||Nokia Corporation||Wireless Control of Operating Characteristics of Electronic Data Cards|
|US20090001160 *||Jun 27, 2008||Jan 1, 2009||Research In Motion Limited||System and method for improving smart card reader reconnections|
|US20090095812 *||Dec 15, 2008||Apr 16, 2009||Research In Motion Limited||System and method for managing multiple smart card sessions|
|EP1041520A2 *||Mar 16, 2000||Oct 4, 2000||Nokia Mobile Phones Ltd.||Transfer of electronic money|
|EP1713205A1 *||Apr 15, 2005||Oct 18, 2006||Research In Motion Limited||Controlling connectivity of a wireless smart card reader|
|JP2003076956A *||Title not available|
|WO2004012352A1||Jul 24, 2003||Feb 5, 2004||Way Systems, Inc.||Mobile device equipped with a contactless smart card reader/writer|
|1||Grimaldo, M , "EESR", Extended European Search Report for EP 05103026.0, Jan. 11, 2006.|
|2||Preuss, Norbert , "EESR", Extended European Search Report for EP 06117313.4, May 31, 2007.|
|Citing Patent||Filing date||Publication date||Applicant||Title|
|US8136731 *||May 31, 2010||Mar 20, 2012||Research In Motion Limited||Controlling connectivity of a wireless smart card reader|
|US8328093 *||Feb 12, 2012||Dec 11, 2012||Research In Motion Limited||Controlling connectivity of a wireless smart card reader|
|US8533123||Dec 13, 2011||Sep 10, 2013||Magtek, Inc.||Systems and methods for conducting contactless payments using a mobile device and a magstripe payment card|
|US8550342 *||Sep 12, 2012||Oct 8, 2013||Blackberry Limited||Controlling connectivity of a wireless smart card reader|
|US8833651 *||Sep 30, 2013||Sep 16, 2014||Blackberry Limited||Controlling connectivity of a wireless-enabled peripheral device|
|US8870065||Mar 16, 2011||Oct 28, 2014||Sherry Brennan||Multi-use electronic card balance reader|
|US8875998||Mar 14, 2013||Nov 4, 2014||Sherry Brennan||Middle class america card|
|US9003516 *||Sep 13, 2012||Apr 7, 2015||Blackberry Limited||System and method for encrypted smart card pin entry|
|US9076273||Feb 22, 2013||Jul 7, 2015||Identive Group, Inc.||Method and system for providing identity, authentication, and access services|
|US9141091||Jan 22, 2013||Sep 22, 2015||Identive Group, Inc.||Cloud secure channel access control|
|US20100237148 *||May 31, 2010||Sep 23, 2010||Brown Michael K||Controlling Connectivity of a Wireless Smart Card Reader|
|US20110226852 *||Sep 22, 2011||Sherry Brennan||Multi-use electronic card balance reader|
|US20120139713 *||Jun 7, 2012||Research In Motion Limited||Controlling Connectivity of a Wireless Smart Card Reader|
|US20130001301 *||Sep 12, 2012||Jan 3, 2013||Research In Motion Limited||Controlling Connectivity of a Wireless Smart Card Reader|
|US20130019102 *||Sep 13, 2012||Jan 17, 2013||Research In Motion Limited||System and method for encrypted smart card pin entry|
|US20140027508 *||Sep 30, 2013||Jan 30, 2014||Blackberry Limited||Controlling Connectivity of a Wireless-Enabled Peripheral Device|
|WO2013110074A1 *||Jan 22, 2013||Jul 25, 2013||Identive Group, Inc.||Cloud secure channel access control|
|U.S. Classification||235/451, 235/449, 235/435, 455/558, 235/487|
|International Classification||G06K7/08, H04B1/38, G06K7/00, G06K19/00|
|Cooperative Classification||G06K19/0723, G06K7/0008|
|Apr 15, 2005||AS||Assignment|
Owner name: RESEARCH IN MOTION LIMITED, CANADA
Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:BROWN, MICHAEL;LITTLE, HERB;ADAMS, NEIL;REEL/FRAME:016483/0378
Effective date: 20050415
Owner name: RESEARCH IN MOTION LIMITED,CANADA
Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:BROWN, MICHAEL;LITTLE, HERB;ADAMS, NEIL;REEL/FRAME:016483/0378
Effective date: 20050415
|Oct 30, 2013||FPAY||Fee payment|
Year of fee payment: 4
|Jun 11, 2014||AS||Assignment|
Owner name: BLACKBERRY LIMITED, ONTARIO
Free format text: CHANGE OF NAME;ASSIGNOR:RESEARCH IN MOTION LIMITED;REEL/FRAME:033134/0228
Effective date: 20130709